Security of Dual segments on the same Lan

August 19, 2009 at 07:01:47
Specs: Windows XP, NA
I have a reasonable knowledge of networks but would like to seek some advice from more knowledgeable forum members.
I currently have two ADSL circuits to the internet. One has a block of 8 fixed IP addresses and the other a dynamic IP. I have a gigabit Ethernet LAN with a private IP address range served by the router with the dynamic IP.
I have two servers and a number of PCs and laptops connected to this LAN. The ADSL with the fixed IP was ordered to provide fixed IP addresses for a number of web sites I am hosting.

At the moment the two networks are physically completely separate. The No-Nat router has a hub to which separate NICs in the server are connected. However, it is a real pain when I want to physically connect another PC to the No-Nat router.

Can I safely run the two network segments on the same LAN? i.e. my private address scope and the 5 available public IP addresses supplied by my ISP. That way I can connect anywhere to the LAN and just configure TCP/IP on the PC to route out via an alternate gateway.
Can a dedicated hacker gain access to my files on my LAN by accessing via the No-Nat router? If so, do you have any other suggestions on a safer network setup using the same physical network wiring?
Unfortunately the No-Nat router is not capable of 1 to 1 NAT, and any such routers are too expensive.
Many Thanks

August 19, 2009 at 07:45:00
Can I safely run the two network segments on the same LAN?

It would take a lot of effort to set it up so as to have them secure from each other.

From the way I see it, the best thing to do would be to buy a SOHO router and connect the two networks to it and set up routing between them. One side would connect to the WAN port (for example, your outward-facing, public network) and the other to the LAN side.

August 19, 2009 at 08:27:33
The public stuff should be in a DMZ zone before your private network.

I have been in IT for a while now and have never heard of a No Nat router. That is a contradiction in terms. Perhaps you mean bridge?

It does appear that your public servers are at risk.

August 20, 2009 at 13:50:32
Thanks Wanderer,
What I mean by No Nat is that I have disabled NAT within the router. This was the only way to be able to directly use the 5 usable public IP addresses assigned to me by my ISP. See item under No Nat

Most consumer routers cannot handle one-to-one NAT, so I cannot route each public IP to a private IP using this router.

At the moment, to enable me to utilise more than the 5 addresses, I have cascaded another router and assigned its WAN port one of the five available public IPs. That way I can use NAT and DHCP on the "private" side of the router.

Are you and Curt saying that it is not really feasible to mix a public IP address segment and a private address segment over the same physical LAN without compromising security?
